Ok, so I have a hypothetical question here.

Lets say I have a certified compliant POS application that stores cc info. The cc info is obviously encrypted because we are certified compliant. Would it still be compliant to take the data (I’m referring to all the pos sales data not just cc info) and upload it to something like an online backup service?

Any thoughts??

Thanks

This should be fine as long as the online backup service does not have access to the encryption keys and the data remains encrypted at the backup service.

This would be no different than sending physical tapes with encrypted cardholder data (CHD) off-site to a document storage company.

I agree, it should be ok, but double check that data is not retained locally unencrypted (when exported from the POS system) or otherwise.